Change the invites_issued attribute of the Lox credential to just count blockages instead

2021-05-03 14:27:11 -04:00 · 2021-05-03 14:27:11 -04:00 · 088071571a
parent 86cd2f54d7
commit 088071571a
6 changed files with 83 additions and 82 deletions
--- a/crates/lox-library/src/cred.rs
+++ b/crates/lox-library/src/cred.rs
@ -35,7 +35,7 @@ pub struct Lox {
    pub trust_level: Scalar,
    pub level_since: Scalar,
    pub invites_remaining: Scalar,
-    pub invites_issued: Scalar,
+    pub blockages: Scalar,
 }
 /// The migration key credential.
--- a/crates/lox-library/src/lib.rs
+++ b/crates/lox-library/src/lib.rs
@ -293,7 +293,7 @@ impl BridgeAuth {
            + cred.trust_level * self.lox_priv.x[3]
            + cred.level_since * self.lox_priv.x[4]
            + cred.invites_remaining * self.lox_priv.x[5]
-            + cred.invites_issued * self.lox_priv.x[6])
+            + cred.blockages * self.lox_priv.x[6])
            * cred.P;
        Q == cred.Q
--- a/crates/lox-library/src/proto/level_up.rs
+++ b/crates/lox-library/src/proto/level_up.rs
@ -15,7 +15,8 @@ The user presents their current Lox credential:
 - level_since: blinded, but proved in ZK that it's at least the
  appropriate number of days ago
 - invites_remaining: blinded
- invites_issued: blinded
+- blockages: blinded, but proved in ZK that it's at most the appropriate
  blockage limit for the target trust level
 and a Bucket Reachability credential:
 - date: revealed to be today
@ -32,7 +33,7 @@ and a new Lox credential to be issued:
 - invites_remaining: revealed to be the number of invites for the new
  level (note that the invites_remaining from the previous credential
  are _not_ carried over)
- invites_issued: blinded, but proved in ZK that it's the same as in the
+- blockages: blinded, but proved in ZK that it's the same as in the
  Lox credential above
 */
@ -79,7 +80,7 @@ pub struct Request {
    level: Scalar,
    CSince: RistrettoPoint,
    CInvRemain: RistrettoPoint,
-    CInvIssued: RistrettoPoint,
+    CBlockages: RistrettoPoint,
    CQ: RistrettoPoint,
    // Fields for blind showing the Bucket Reachability credential
@ -111,7 +112,7 @@ pub struct Request {
    D: RistrettoPoint,
    EncIdClient: (RistrettoPoint, RistrettoPoint),
    EncBucket: (RistrettoPoint, RistrettoPoint),
-    EncInvIssued: (RistrettoPoint, RistrettoPoint),
+    EncBlockages: (RistrettoPoint, RistrettoPoint),
    // The combined ZKP
    piUser: CompactProof,
@ -123,12 +124,12 @@ pub struct State {
    D: RistrettoPoint,
    EncIdClient: (RistrettoPoint, RistrettoPoint),
    EncBucket: (RistrettoPoint, RistrettoPoint),
-    EncInvIssued: (RistrettoPoint, RistrettoPoint),
+    EncBlockages: (RistrettoPoint, RistrettoPoint),
    id_client: Scalar,
    bucket: Scalar,
    level: Scalar,
    invremain: Scalar,
-    invissued: Scalar,
+    blockages: Scalar,
 }
 pub struct Response {
@ -141,7 +142,7 @@ pub struct Response {
    level_since: Scalar,
    TId: RistrettoPoint,
    TBucket: RistrettoPoint,
-    TInvIssued: RistrettoPoint,
+    TBlockages: RistrettoPoint,
    // The ZKP
    piBlindIssue: CompactProof,
@ -150,19 +151,19 @@ pub struct Response {
 define_proof! {
    requestproof,
    "Level Upgrade Request",
-    (bucket, since, invremain, invissued, zbucket, zsince, zinvremain,
+    (bucket, since, invremain, blockages, zbucket, zsince, zinvremain,
-     zinvissued, negzQ,
+     zblockages, negzQ,
     zbucket_reach, negzQ_reach,
-     d, eid_client, ebucket, einvissued, id_client,
+     d, eid_client, ebucket, eblockages, id_client,
     g0, g1, g2, g3, g4, g5, g6, g7, g8,
     zg0, zg1, zg2, zg3, zg4, zg5, zg6, zg7, zg8,
     wg0, wg1, wg2, wg3, wg4, wg5, wg6, wg7, wg8,
     yg0, yg1, yg2, yg3, yg4, yg5, yg6, yg7, yg8),
-    (P, CBucket, CSince, CInvRemain, CInvIssued, V, Xbucket, Xsince,
+    (P, CBucket, CSince, CInvRemain, CBlockages, V, Xbucket, Xsince,
-     Xinvremain, Xinvissued,
+     Xinvremain, Xblockages,
     P_reach, CBucket_reach, V_reach, Xbucket_reach,
     D, EncIdClient0, EncIdClient1, EncBucket0, EncBucket1,
-     EncInvIssued0, EncInvIssued1,
+     EncBlockages0, EncBlockages1,
     CG0, CG1, CG2, CG3, CG4, CG5, CG6, CG7, CG8,
     CG0sq, CG1sq, CG2sq, CG3sq, CG4sq, CG5sq, CG6sq, CG7sq, CG8sq),
    (A, B) :
@ -170,7 +171,7 @@ define_proof! {
    CBucket = (bucket*P + zbucket*A),
    CSince = (since*P + zsince*A),
    CInvRemain = (invremain*P + zinvremain*A),
-    CInvIssued = (invissued*P + zinvissued*A),
+    CBlockages = (blockages*P + zblockages*A),
    // Blind showing of the Bucket Reachability credential; note the
    // same bucket is used in the proof
    CBucket_reach = (bucket*P_reach + zbucket_reach*A),
@ -180,8 +181,8 @@ define_proof! {
    EncIdClient1 = (id_client*B + eid_client*D),
    EncBucket0 = (ebucket*B),
    EncBucket1 = (bucket*B + ebucket*D),
-    EncInvIssued0 = (einvissued*B),
+    EncBlockages0 = (eblockages*B),
-    EncInvIssued1 = (invissued*B + einvissued*D),
+    EncBlockages1 = (blockages*B + eblockages*D),
    // Prove CSince encodes a value at least LEVEL_INTERVAL
    // days ago (at technically at most LEVEL_INTERVAL+511 days
    // ago): first prove each of g0, ..., g8 is a bit by proving that
@ -204,11 +205,11 @@ define_proof! {
 define_proof! {
    blindissue,
    "Level Upgrade Issuing",
-    (x0, x0tilde, xid, xbucket, xlevel, xsince, xinvremain, xinvissued,
+    (x0, x0tilde, xid, xbucket, xlevel, xsince, xinvremain, xblockages,
-     s, b, tid, tbucket, tinvissued),
+     s, b, tid, tbucket, tblockages),
    (P, EncQ0, EncQ1, X0, Xid, Xbucket, Xlevel, Xsince, Xinvremain,
-     Xinvissued, Plevel, Psince, Pinvremain, TId, TBucket, TInvIssued,
+     Xblockages, Plevel, Psince, Pinvremain, TId, TBucket, TBlockages,
-     D, EncId0, EncId1, EncBucket0, EncBucket1, EncInvIssued0, EncInvIssued1),
+     D, EncId0, EncId1, EncBucket0, EncBucket1, EncBlockages0, EncBlockages1),
    (A, B):
    Xid = (xid*A),
    Xid = (xid*A),
@ -216,18 +217,18 @@ define_proof! {
    Xbucket = (xbucket*A),
    Xsince = (xsince*A),
    Xinvremain = (xinvremain*A),
-    Xinvissued = (xinvissued*A),
+    Xblockages = (xblockages*A),
    X0 = (x0*B + x0tilde*A),
    P = (b*B),
    TId = (b*Xid),
    TId = (tid*A),
    TBucket = (b*Xbucket),
    TBucket = (tbucket*A),
-    TInvIssued = (b*Xinvissued),
+    TBlockages = (b*Xblockages),
-    TInvIssued = (tinvissued*A),
+    TBlockages = (tblockages*A),
-    EncQ0 = (s*B + tid*EncId0 + tbucket*EncBucket0 + tinvissued*EncInvIssued0),
+    EncQ0 = (s*B + tid*EncId0 + tbucket*EncBucket0 + tblockages*EncBlockages0),
    EncQ1 = (s*D + tid*EncId1 + tbucket*EncBucket1
-            + tinvissued*EncInvIssued1 + x0*P + xlevel*Plevel + xsince*Psince
+            + tblockages*EncBlockages1 + x0*P + xlevel*Plevel + xsince*Psince
            + xinvremain*Pinvremain)
 }
@ -302,11 +303,11 @@ pub fn request(
    let zbucket = Scalar::random(&mut rng);
    let zsince = Scalar::random(&mut rng);
    let zinvremain = Scalar::random(&mut rng);
-    let zinvissued = Scalar::random(&mut rng);
+    let zblockages = Scalar::random(&mut rng);
    let CBucket = lox_cred.bucket * P + &zbucket * Atable;
    let CSince = lox_cred.level_since * P + &zsince * Atable;
    let CInvRemain = lox_cred.invites_remaining * P + &zinvremain * Atable;
-    let CInvIssued = lox_cred.invites_issued * P + &zinvissued * Atable;
+    let CBlockages = lox_cred.blockages * P + &zblockages * Atable;
    // Form a Pedersen commitment to the MAC Q
    // We flip the sign of zQ from that of the Hyphae paper so that
@ -319,7 +320,7 @@ pub fn request(
    let V = zbucket * lox_pub.X[2]
        + zsince * lox_pub.X[4]
        + zinvremain * lox_pub.X[5]
-        + zinvissued * lox_pub.X[6]
+        + zblockages * lox_pub.X[6]
        + &negzQ * Atable;
    // Blind showing the Bucket Reachability credential
@ -361,10 +362,10 @@ pub fn request(
    let ebucket = Scalar::random(&mut rng);
    let EncBucket = (&ebucket * Btable, &lox_cred.bucket * Btable + ebucket * D);
    let newinvites: Scalar = LEVEL_INVITATIONS[new_level as usize].into();
-    let einvissued = Scalar::random(&mut rng);
+    let eblockages = Scalar::random(&mut rng);
-    let EncInvIssued = (
+    let EncBlockages = (
-        &einvissued * Btable,
+        &eblockages * Btable,
-        &lox_cred.invites_issued * Btable + einvissued * D,
+        &lox_cred.blockages * Btable + eblockages * D,
    );
    // The range proof that 0 <= diffdays <= 511
@ -455,12 +456,12 @@ pub fn request(
            CBucket: &CBucket,
            CSince: &CSince,
            CInvRemain: &CInvRemain,
-            CInvIssued: &CInvIssued,
+            CBlockages: &CBlockages,
            V: &V,
            Xbucket: &lox_pub.X[2],
            Xsince: &lox_pub.X[4],
            Xinvremain: &lox_pub.X[5],
-            Xinvissued: &lox_pub.X[6],
+            Xblockages: &lox_pub.X[6],
            P_reach: &P_reach,
            CBucket_reach: &CBucket_reach,
            V_reach: &V_reach,
@ -470,8 +471,8 @@ pub fn request(
            EncIdClient1: &EncIdClient.1,
            EncBucket0: &EncBucket.0,
            EncBucket1: &EncBucket.1,
-            EncInvIssued0: &EncInvIssued.0,
+            EncBlockages0: &EncBlockages.0,
-            EncInvIssued1: &EncInvIssued.1,
+            EncBlockages1: &EncBlockages.1,
            CG0: &CG0,
            CG1: &CG1,
            CG2: &CG2,
@ -493,18 +494,18 @@ pub fn request(
            bucket: &lox_cred.bucket,
            since: &lox_cred.level_since,
            invremain: &lox_cred.invites_remaining,
-            invissued: &lox_cred.invites_issued,
+            blockages: &lox_cred.blockages,
            zbucket: &zbucket,
            zsince: &zsince,
            zinvremain: &zinvremain,
-            zinvissued: &zinvissued,
+            zblockages: &zblockages,
            negzQ: &negzQ,
            zbucket_reach: &zbucket_reach,
            negzQ_reach: &negzQ_reach,
            d: &d,
            eid_client: &eid_client,
            ebucket: &ebucket,
-            einvissued: &einvissued,
+            eblockages: &eblockages,
            id_client: &id_client,
            g0: &g0,
            g1: &g1,
@ -554,7 +555,7 @@ pub fn request(
            level: lox_cred.trust_level,
            CSince,
            CInvRemain,
-            CInvIssued,
+            CBlockages,
            CQ,
            P_reach,
            CBucket_reach,
@ -562,7 +563,7 @@ pub fn request(
            D,
            EncIdClient,
            EncBucket,
-            EncInvIssued,
+            EncBlockages,
            CG1,
            CG2,
            CG3,
@ -587,12 +588,12 @@ pub fn request(
            D,
            EncIdClient,
            EncBucket,
-            EncInvIssued,
+            EncBlockages,
            id_client,
            bucket: lox_cred.bucket,
            level: new_level.into(),
            invremain: newinvites,
-            invissued: lox_cred.invites_issued,
+            blockages: lox_cred.blockages,
        },
    ))
 }
@ -626,7 +627,7 @@ impl BridgeAuth {
                + self.lox_priv.x[2] * req.CBucket
                + self.lox_priv.x[4] * req.CSince
                + self.lox_priv.x[5] * req.CInvRemain
-                + self.lox_priv.x[6] * req.CInvIssued
+                + self.lox_priv.x[6] * req.CBlockages
                - req.CQ;
        let Vprime_reach = (self.reachability_priv.x[0] + self.reachability_priv.x[1] * today)
@ -663,12 +664,12 @@ impl BridgeAuth {
                CBucket: &req.CBucket.compress(),
                CSince: &req.CSince.compress(),
                CInvRemain: &req.CInvRemain.compress(),
-                CInvIssued: &req.CInvIssued.compress(),
+                CBlockages: &req.CBlockages.compress(),
                V: &Vprime.compress(),
                Xbucket: &self.lox_pub.X[2].compress(),
                Xsince: &self.lox_pub.X[4].compress(),
                Xinvremain: &self.lox_pub.X[5].compress(),
-                Xinvissued: &self.lox_pub.X[6].compress(),
+                Xblockages: &self.lox_pub.X[6].compress(),
                P_reach: &req.P_reach.compress(),
                CBucket_reach: &req.CBucket_reach.compress(),
                V_reach: &Vprime_reach.compress(),
@ -678,8 +679,8 @@ impl BridgeAuth {
                EncIdClient1: &req.EncIdClient.1.compress(),
                EncBucket0: &req.EncBucket.0.compress(),
                EncBucket1: &req.EncBucket.1.compress(),
-                EncInvIssued0: &req.EncInvIssued.0.compress(),
+                EncBlockages0: &req.EncBlockages.0.compress(),
-                EncInvIssued1: &req.EncInvIssued.1.compress(),
+                EncBlockages1: &req.EncBlockages.1.compress(),
                CG0: &CG0prime.compress(),
                CG1: &req.CG1.compress(),
                CG2: &req.CG2.compress(),
@ -750,16 +751,16 @@ impl BridgeAuth {
        let tbucket = self.lox_priv.x[2] * b;
        let TBucket = &tbucket * Atable;
        let EncQBucket = (tbucket * req.EncBucket.0, tbucket * req.EncBucket.1);
-        let tinvissued = self.lox_priv.x[6] * b;
+        let tblockages = self.lox_priv.x[6] * b;
-        let TInvIssued = &tinvissued * Atable;
+        let TBlockages = &tblockages * Atable;
-        let EncQInvIssued = (
+        let EncQBlockages = (
-            tinvissued * req.EncInvIssued.0,
+            tblockages * req.EncBlockages.0,
-            tinvissued * req.EncInvIssued.1,
+            tblockages * req.EncBlockages.1,
        );
        let EncQ = (
-            EncQHc.0 + EncQId.0 + EncQBucket.0 + EncQInvIssued.0,
+            EncQHc.0 + EncQId.0 + EncQBucket.0 + EncQBlockages.0,
-            EncQHc.1 + EncQId.1 + EncQBucket.1 + EncQInvIssued.1,
+            EncQHc.1 + EncQId.1 + EncQBucket.1 + EncQBlockages.1,
        );
        let mut transcript = Transcript::new(b"level upgrade issuing");
@ -777,20 +778,20 @@ impl BridgeAuth {
                Xlevel: &self.lox_pub.X[3],
                Xsince: &self.lox_pub.X[4],
                Xinvremain: &self.lox_pub.X[5],
-                Xinvissued: &self.lox_pub.X[6],
+                Xblockages: &self.lox_pub.X[6],
                Plevel: &(trust_level * P),
                Psince: &(level_since * P),
                Pinvremain: &(invitations_remaining * P),
                TId: &TId,
                TBucket: &TBucket,
-                TInvIssued: &TInvIssued,
+                TBlockages: &TBlockages,
                D: &req.D,
                EncId0: &EncId.0,
                EncId1: &EncId.1,
                EncBucket0: &req.EncBucket.0,
                EncBucket1: &req.EncBucket.1,
-                EncInvIssued0: &req.EncInvIssued.0,
+                EncBlockages0: &req.EncBlockages.0,
-                EncInvIssued1: &req.EncInvIssued.1,
+                EncBlockages1: &req.EncBlockages.1,
                x0: &self.lox_priv.x[0],
                x0tilde: &self.lox_priv.x0tilde,
                xid: &self.lox_priv.x[1],
@ -798,12 +799,12 @@ impl BridgeAuth {
                xlevel: &self.lox_priv.x[3],
                xsince: &self.lox_priv.x[4],
                xinvremain: &self.lox_priv.x[5],
-                xinvissued: &self.lox_priv.x[6],
+                xblockages: &self.lox_priv.x[6],
                s: &s,
                b: &b,
                tid: &tid,
                tbucket: &tbucket,
-                tinvissued: &tinvissued,
+                tblockages: &tblockages,
            },
        )
        .0;
@ -815,7 +816,7 @@ impl BridgeAuth {
            level_since,
            TId,
            TBucket,
-            TInvIssued,
+            TBlockages,
            piBlindIssue,
        })
    }
@ -861,20 +862,20 @@ pub fn handle_response(
            Xlevel: &lox_pub.X[3].compress(),
            Xsince: &lox_pub.X[4].compress(),
            Xinvremain: &lox_pub.X[5].compress(),
-            Xinvissued: &lox_pub.X[6].compress(),
+            Xblockages: &lox_pub.X[6].compress(),
            Plevel: &(state.level * resp.P).compress(),
            Psince: &(resp.level_since * resp.P).compress(),
            Pinvremain: &(state.invremain * resp.P).compress(),
            TId: &resp.TId.compress(),
            TBucket: &resp.TBucket.compress(),
-            TInvIssued: &resp.TInvIssued.compress(),
+            TBlockages: &resp.TBlockages.compress(),
            D: &state.D.compress(),
            EncId0: &EncId.0.compress(),
            EncId1: &EncId.1.compress(),
            EncBucket0: &state.EncBucket.0.compress(),
            EncBucket1: &state.EncBucket.1.compress(),
-            EncInvIssued0: &state.EncInvIssued.0.compress(),
+            EncBlockages0: &state.EncBlockages.0.compress(),
-            EncInvIssued1: &state.EncInvIssued.1.compress(),
+            EncBlockages1: &state.EncBlockages.1.compress(),
        },
    )?;
@ -889,6 +890,6 @@ pub fn handle_response(
        trust_level: state.level,
        level_since: resp.level_since,
        invites_remaining: state.invremain,
-        invites_issued: state.invissued,
+        blockages: state.blockages,
    })
 }
--- a/crates/lox-library/src/proto/migration.rs
+++ b/crates/lox-library/src/proto/migration.rs
@ -10,7 +10,7 @@ Lox credential:
 - trust_level: revealed to be 0
 - level_since: blinded
 - invites_remaining: revealed to be 0
- invites_issued: revealed to be 0
+- blockages: revealed to be 0
 and a Migration credential:
@ -27,7 +27,7 @@ and a new Lox credential to be issued:
 - trust_level: 1
 - level_since: today
 - invites_remaining: 0
- invites_issued: 0
+- blockages: 0
 */
@ -47,7 +47,7 @@ use super::super::{CMZ_A, CMZ_A_TABLE, CMZ_B, CMZ_B_TABLE};
 pub struct Request {
    // Fields for blind showing the Lox credential
-    // We don't need to include invites_remaining or invites_issued,
+    // We don't need to include invites_remaining or blockages,
    // since they must be 0
    P_lox: RistrettoPoint,
    id: Scalar,
@ -390,14 +390,14 @@ impl BridgeAuth {
        // Julian date
        let level_since: Scalar = self.today().into();
-        // The invitations_remaining and invitations_issued attributes
+        // The invitations_remaining and blockages attributes are 0 for
-        // are 0 for level 0 and level 1 Lox credentials, so we don't
+        // level 0 and level 1 Lox credentials, so we don't need to
-        // need to explicitly create them.
+        // explicitly create them.
        // Compute the MAC on the visible attributes
        let b = Scalar::random(&mut rng);
        let P = &b * Btable;
-        // invites_remaining = invites_issued = 0
+        // invites_remaining = blockages = 0
        let QHc = (self.lox_priv.x[0]
            + self.lox_priv.x[3] * trust_level
            + self.lox_priv.x[4] * level_since)
@ -533,6 +533,6 @@ pub fn handle_response(
        trust_level: Scalar::one(),
        level_since: resp.level_since,
        invites_remaining: Scalar::zero(),
-        invites_issued: Scalar::zero(),
+        blockages: Scalar::zero(),
    })
 }
--- a/crates/lox-library/src/proto/open_invite.rs
+++ b/crates/lox-library/src/proto/open_invite.rs
@ -9,7 +9,7 @@ The credential will have attributes:
 - trust_level: 0
 - level_since: today
 - invites_remaining: 0
- invites_issued: 0
+- blockages: 0
 */
@ -197,7 +197,7 @@ impl BridgeAuth {
        // Compute the MAC on the visible attributes
        let b = Scalar::random(&mut rng);
        let P = &b * Btable;
-        // trust_level = invites_remaining = invites_issued = 0
+        // trust_level = invites_remaining = blockages = 0
        let QHc =
            (self.lox_priv.x[0] + self.lox_priv.x[2] * bucket + self.lox_priv.x[4] * level_since)
                * P;
@ -315,6 +315,6 @@ pub fn handle_response(
        trust_level: Scalar::zero(),
        level_since: resp.level_since,
        invites_remaining: Scalar::zero(),
-        invites_issued: Scalar::zero(),
+        blockages: Scalar::zero(),
    })
 }
--- a/crates/lox-library/src/proto/trust_promotion.rs
+++ b/crates/lox-library/src/proto/trust_promotion.rs
@ -14,7 +14,7 @@ The user presents their current Lox credential:
 - level_since: blinded, but proved in ZK that it's at least
  UNTRUSTED_INTERVAL days ago
 - invites_remaining: revealed to be 0
- invites_issued: revealed to be 0
+- blockages: revealed to be 0
 They will receive in return the encrypted MAC (Pk, EncQk) for their
 implicit Migration Key credential with attributes id and bucket,
@ -57,7 +57,7 @@ pub const UNTRUSTED_INTERVAL: u32 = 30;
 pub struct Request {
    // Fields for blind showing the Lox credential
    // We don't need to include trust_level, invites_remaining, or
-    // invites_issued, since they must be 0
+    // blockages, since they must be 0
    P: RistrettoPoint,
    id: Scalar,
    CBucket: RistrettoPoint,